From 3431a53797bc024dab0b2db201e863460c908db0 Mon Sep 17 00:00:00 2001
From: Byron Jones <glob@mozilla.com>
Date: Mon, 17 Aug 2015 12:11:48 +0800
Subject: Bug 1193190 - 'view account history' on edituser should include
 audit_log entries

---
 editusers.cgi | 66 +++++++++++++++++++++++++++++++++++++++++++++++------------
 1 file changed, 53 insertions(+), 13 deletions(-)

(limited to 'editusers.cgi')

diff --git a/editusers.cgi b/editusers.cgi
index b6f5a6c52..e153cfbbc 100755
--- a/editusers.cgi
+++ b/editusers.cgi
@@ -672,20 +672,60 @@ if ($action eq 'search') {
         ($activity_userid, $activity_who) = ($activity_who, $activity_userid);
     }
 
-    $vars->{'profile_changes'} = $dbh->selectall_arrayref(
-        "SELECT profiles.login_name AS who, " .
-                $dbh->sql_date_format('profiles_activity.profiles_when') . " AS activity_when,
-                fielddefs.name AS what,
-                profiles_activity.oldvalue AS removed,
-                profiles_activity.newvalue AS added
-         FROM profiles_activity
-         INNER JOIN profiles ON $activity_who = profiles.userid
-         INNER JOIN fielddefs ON fielddefs.id = profiles_activity.fieldid
-         WHERE $activity_userid = ?
-         ORDER BY profiles_activity.profiles_when",
-        {'Slice' => {}},
-        $otherUser->id);
+    my $sql = "
+        SELECT
+            profiles.login_name AS who,
+            " . $dbh->sql_date_format('profiles_activity.profiles_when') . " AS activity_when,
+            fielddefs.name AS what,
+            profiles_activity.oldvalue AS removed,
+            profiles_activity.newvalue AS added
+        FROM
+            profiles_activity
+            INNER JOIN profiles ON $activity_who = profiles.userid
+            INNER JOIN fielddefs ON fielddefs.id = profiles_activity.fieldid
+        WHERE
+            $activity_userid = ?
+    ";
+    my @values = ($otherUser->id);
+
+    if ($action ne 'admin_activity') {
+        $sql .= "
+            UNION ALL
+
+            SELECT
+                COALESCE(profiles.login_name, '-') AS who,
+                " . $dbh->sql_date_format('audit_log.at_time') . " AS activity_when,
+                field AS what,
+                removed,
+                added
+            FROM
+                audit_log
+                LEFT JOIN profiles ON profiles.userid = audit_log.user_id
+            WHERE
+                audit_log.object_id = ?
+                AND audit_log.class = 'Bugzilla::User'
+                AND audit_log.field != 'last_activity_ts'
+        ";
+        push @values, $otherUser->id;
+    }
+
+    $sql .= " ORDER BY activity_when";
+
+    # massage some fields to improve readability
+    my $profile_changes = $dbh->selectall_arrayref($sql, { Slice => {} }, @values);
+    foreach my $change (@$profile_changes) {
+        if ($change->{what} eq 'cryptpassword') {
+            $change->{what}    = 'password';
+            $change->{removed} = '';
+            $change->{added}   = '(updated)';
+        }
+        elsif ($change->{what} eq 'public_key') {
+            $change->{removed} = '(updated)' if $change->{removed} ne '';
+            $change->{added}   = '(updated)' if $change->{added} ne '';
+        }
+    }
 
+    $vars->{'profile_changes'} = $profile_changes;
     $vars->{'otheruser'} = $otherUser;
     $vars->{'action'} = $action;
 
-- 
cgit v1.2.3-24-g4f1b